This action is in response to the communication filed on 8/25/2010.

DETAILED ACTION

Response to Arguments

Applicant's arguments, filed 8/25/2010,

Applicant's arguments pertaining to claims 17 and 33 filed 8/25/2010 have been fully considered but are not found persuasive. The newly claimed limitations have been addressed accordingly below.

Applicant's arguments with respect to claims 17 and 33 have been considered but are moot in view of the new ground(s) of rejection.

The examiner notes that while the applicants have argued that the allowable subject matter from claim 1 has been incorporated into claims 17 and 33, the examiner disagrees. In claim 1, the allowable subject matter is all recited positively and each element is required by the claim. In the amended claims 17 and 33, the limitations have been recited in the alternative, and therefore are much broader, and fail to distinguish over the prior art.



All objections and rejections not set forth below have been withdrawn.

Claims 1-27, 29, 32, 33, 35, 38-44, and 49 have been examined.

Information Disclosure Statement

The information disclosure statement(s) (IDS) submitted are in compliance with the provisions of 37 CFR 1.97. Accordingly, the examiner is considering the information disclosure statements.
Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:

A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

Claims 17, 18, 20-27, 29, 32, 33, 35, and 38-44, are rejected under 35 U.S.C. 103(a) as being unpatentable over Burch et al. (US Patent Application Publication 2005/0171872) hereinafter referred to as Burch, and further in view of Brovick et al. ("WINDOWS® 2000 Active Directory™") hereinafter referred to as Brovick, and further in view of Grambihler et al. (US Patent Number 6560655) hereinafter referred to as Grambihler.

Regarding claim 17, Burch disclosed a method comprising: receiving an event notification (See Burch Paragraph 0043); and synchronizing the local credentials and remote credentials (See Burch Paragraph 0043-0044) and changing at least one of the local credentials in a first local credential cache (Burch Paragraphs 0043-0044) wherein one of the local credentials and the remote credentials comprises at least one of the following: a token (Burch Certificate), and an XrML license, but Burch failed to specifically disclose enumerating local credentials and remote credentials in response to any one of a lock event, a startup event, a shutdown event, a logon event, a logoff event, an unlock event, a session event, a timer event, a manual request, and a credential update event. Burch did, however, disclose that the credential stores are directories (See Burch Paragraph 0022).
Burch further failed to disclose a synchronization module which: sorts the local credentials and the remote credentials into a local credential array and a remote credential array respectively and linearly compares the local credential array and the remote credential array; and stores a state file for conflict resolution, the state file comprising: a file version; a flag, wherein the flag indicates whether the credential is user protected (but Burch did disclose that some credentials are user protected in Paragraph 0055); and a credential state, wherein the credential state comprises: last time synchronization module called; last time local store changed; and last time remote cache changed.

Burch further failed to disclose that the change to the first local credential was removal from the cache associated with a first device based upon the synchronizing module comparing the local credential array and the remote credential array, wherein the credential removed from the first local credential cache is identified and tagged by the synchronization module in a remote credential cache; and based on the synchronizing module comparing the local credential array and the remote credential array, removing the tagged credential from a second local credential cache associated with a second device, wherein the first device is different than the second device, without rewriting the tagged credential to the remote credential cache. However, addition and deletion of credentials in a credential store was well known in the art at the time of invention, and would have been obvious to the ordinary person skilled in the art at the time of invention. This would have been obvious because the ordinary person skilled in the art would have been motivated to have allowed flexibility in the authorizations granted within the system by allowing authorizations to be granted and taken away.
Brovick teaches that Active Directory is a directory service, which provided replication of data between devices, as well as synchronization of the data between the devices in an Active Directory (See Brovick First Paragraph), and that in order to maintain synchronization between each copy of the directory, each update to a directory is provided with a USN which is compared with USNs in other devices to determine which updates need to be replicated (See Brovick "Keeping Track"). Brovick further teaches keeping track of timestamps of when the local and remote (replicated) data was updated (See Brovick "Conflict Resolution"), and when synchronization was last performed (See Brovick "Intra-Site Replication"). Brovick further teaches that when a change in one local cache is made, the domain controller will mark the change in an up-to-date vector, and then replicate the change in other caches throughout the network without undoing the change (Brovick "Keeping Track").

Further, it was well known in the art at the time of invention to sort data into arrays for linear comparison in order to ease the complexity of the comparison, as well as to use flags to track Boolean properties.

It would have been obvious to the ordinary person skilled in the art at the time of invention to employ the teachings of Brovick in the credential store system of Burch by utilizing Active Directory to provide the directory service and the synchronization between the credential stores. This would have been obvious because the ordinary person skilled in the art at the time of invention would have been motivated to provide quick and efficient directory services across the distributed credential store. It further would have been obvious to the ordinary person skilled in the art at the time of invention to have sorted the local and remote credentials into a local and remote credential array, and then linearly comparing the arrays to determine conflicts which need to be resolved. This would have been obvious because the ordinary person skilled in the art at the time of invention would have been motivated to ease the complexity of the comparison for determining conflicts between the servers. In this combination, the USN reads on the claimed version number. Further still, it would have been obvious to the ordinary person skilled in the art at the time of invention to have stored a flag for each entry in the credential store to track whether the entry was personal (user protected) or not. This would have been obvious because the ordinary person skilled in the art would have been motivated to utilize a well known method for tracking Boolean properties to track the Boolean property of personal entry or not. Even further still, it would have been obvious to the ordinary person skilled in the art at the time of invention to have employed the teachings of Brovick in the synchronization system by marking the deletion of a credential from the cache, and propagating the change to the other caches in the network. This would have been obvious because the ordinary person skilled in the art would have been motivated to synchronize the caches.

Burch further failed to disclose that the event notification comprised an unlock event.

Grambihler teaches that synchronization can be performed in response to logon and logoff events (Grambihler Summary of the Invention).

It would have been obvious to the ordinary person skilled in the art at the time of invention to have employed the teachings of Grambihler in the system of Brovick by performing the synchronization in response to logon and logoff events. This would have been obvious because the ordinary person skilled in the art would have been motivated to provide increased flexibility to the scheduling of the credential synchronization.
Further still, Brovick failed to specifically disclose handling errors, wherein error handling comprises returning a write state indication of a status of a credential write operation, wherein the write state indication consists of one of the following: a none indication, wherein the none indication comprises an indication that the credential was not altered; a partial indication, wherein the partial indication comprises an indication that the credential was partially altered; or a done indication, wherein the done indication comprises an indication that the credential was successfully changed. However, it was well known in the art of data transmission and synchronization at the time of invention to provide an acknowledgement of successful synchronization in the event that the synchronization of the data was completed successfully. As such, it would have been obvious to the ordinary person skilled in the art at the time of invention to have employed ACKs and NACKs of successful completion of synchronization. This would have been obvious because the ordinary person skilled in the art would have been motivated to ensure the synchronization operation was successful.

Regarding claim 18, Burch, Brovick, and Grambihler taught that synchronizing the local credentials and the remote credentials is based on at least one time-stamp associated with the local credentials and at least one time-stamp associated with the remote credentials (See Brovick Conflict Resolution).

Regarding claim 20, Burch, Brovick, and Grambihler taught writing at least one of the local credentials to a remote credential cache (See Burch Paragraph 0056).

Regarding claim 21, Burch, Brovick, and Grambihler taught writing at least one of the remote credentials to a local credential cache (See Burch Paragraph 0053).
Regarding claims 22-23, while Burch, Brovick, and Grambihler taught that changes in local credentials are duplicated in the remote credential store, and vice versa, they failed to specifically disclose deleting remote credentials. However, addition and deletion of credentials in a credential store is well known, and would have been obvious to the ordinary person skilled in the art at the time of invention. This would have been obvious because the ordinary person skilled in the art would have been motivated to have allowed flexibility in the authorizations granted within the system by allowing authorizations to be granted and taken away.



Regarding claim 24, Burch, Brovick, and Grambihler taught modifying at least one of the local credentials at a local credential cache based on at least one of the remote credentials (See Burch Paragraph 0053).

Regarding claim 25, Burch, Brovick, and Grambihler taught modifying at least one of the remote credentials at a remote credential cache based on at least one of the local credentials (See Burch Paragraph 0056).

Regarding claim 26, Burch, Brovick, and Grambihler taught updating a list of local credentials (See Brovick "Keeping Track").

Regarding claim 27, Burch, Brovick, and Grambihler taught updating a list of remote credentials (See Brovick "Keeping Track").

Regarding claim 29, Burch, Brovick, and Grambihler taught determining a state of the remote credentials dynamically (See Brovick "Intra-Site Replication" and "Inter-Site Replication").
Regarding claim 32, Burch, Brovick, and Grambihler taught resolving a conflict of state between the local credentials and the remote credentials (See Burch Paragraph 0044 and Brovick "Conflict Resolution").

Regarding claim 33, Burch disclosed a system comprising: an event handler to receive event notifications (See Burch Paragraph 0043-0044); and a synchronizing module operatively associated with the event handler, the synchronizing module implemented in computer-readable program code and executable by a processor to synchronize the local credentials and the remote credentials if the local and remote credentials are different from one another (See Burch Paragraph 0043-0044), but Burch failed to specifically disclose a local store manager to enumerate local credentials in response to receiving the event notification; a remote store manager to enumerate remote credentials in response to receiving the event notification, or wherein the event notification is one of a lock event, a startup event, a shutdown event, a Logon event, a Logoff event, an unlock event, a session event, a timer event, a manual request, and a credential update event. Burch did, however, disclose that the credential stores are directories (See Burch Paragraph 0022).

Brovick teaches that Active Directory is a directory service, which provided replication of data between local and remote devices, as well as synchronization of the data between the devices in an Active Directory (See Brovick First Paragraph), and that in order to maintain synchronization between each copy of the directory, each update to a directory is provided with a USN which is compared with USNs in other devices to determine which updates need to be replicated (See Brovick "Keeping Track").

It would have been obvious to the ordinary person skilled in the art at the time of invention to employ the teachings of Brovick in the credential store system of Burch by utilizing Active Directory to provide the directory service and the synchronization between the credential stores. This would have been obvious because the ordinary person skilled in the art at the time of invention would have been motivated to provide quick and efficient directory services across the distributed credential store.

Grambihler teaches that synchronization can be performed in response to logon and logoff events (Grambihler Summary of the Invention).

It would have been obvious to the ordinary person skilled in the art at the time of invention to have employed the teachings of Grambihler in the system of Burch and Brovick by performing the synchronization in response to notification of logon and logoff events. This would have been obvious because the ordinary person skilled in the art would have been motivated to provide increased flexibility to the scheduling of the credential synchronization.



Regarding claim 35, Burch, Brovick, and Grambihler taught that the credentials include at least one of the following: an encryption credential, a token, an asymmetric key pair, a symmetric key, a digital certificate, an XrML license, an authentication credential, an authorization credential (See Burch Paragraphs 0022-0024).

Regarding claim 38, Burch, Brovick, and Grambihler taught that the local credentials are stored in a local cache (See Burch Paragraph 0053).

Regarding claim 39, Burch, Brovick, and Grambihler taught that the local credentials are stored in a local cache provided at any number (n) of clients (See Burch Paragraph 0053).

Regarding claim 40, Burch, Brovick, and Grambihler taught that the local credentials are encrypted using a master key (See Burch Paragraph 0025).

Regarding claim 41, Burch, Brovick, and Grambihler taught that the remote credentials are stored in a remote cache (See Burch Paragraph 0056).

Regarding claim 42, Burch, Brovick, and Grambihler taught that the local credentials are stored in a remote cache provided at any number (n) of hosts (See Burch Paragraph 0056).

Regarding claim 43, Burch, Brovick, and Grambihler taught that the remote credentials are maintained by a remote directory service (See Burch Paragraphs 0022 and 0056).

Regarding claim 44, Burch, Brovick, and Grambihler taught that the remote credentials are encrypted (See Burch Paragraph 0025).

Claim 19 is rejected under 35 U.S.C. 103(a) as being unpatentable over the combination of Burch, Brovick, and Grambihler as applied to claim 17, and further in view of Yianilos et al. (US Patent Application Publication 2002/0029214) hereinafter referred to as Yianilos.

Burch, Brovick, and Grambihler disclosed detection of changes between local and remote credentials, but failed to disclose that the synchronizing was based on a comparison of hash values.

Yianilos teaches an alternative method for detecting differences between entries in a synchronization system which involves generating a hash for the local data and a hash for the remote data, and comparing the hashes, wherein if the hashes are different then a change has been detected and synchronization is required (See Yianilos Paragraphs 0083-0084).

It would have been obvious to the ordinary person skilled in the art at the time of invention to employ the teachings of Yianilos in the synchronization system of Burch, Brovick, and Grambihler by detecting changes by comparing hashes of the local and remote credential stores. This would have been obvious because the ordinary person skilled in the art would have been motivated to minimize the network traffic generated by the synchronization.



Allowable Subject Matter

Claims 1-16, and 49 are allowed.

The following is a statement of reasons for the indication of allowable subject matter:



The applicants' arguments have been found persuasive. While the prior art does teach enumerating and synchronizing credentials in response to various events, the prior art does not teach the specific combination of limitations as claimed. For example, the prior art does not teach enumerating credentials in response to each of a lock event, a startup event, a shutdown event, a logon event, a logoff event, an unlock event, a session event, a timer event, a manual request, and a credential update event, evaluating local and remote credentials based upon the enumerating, and synchronizing the local and the remote credentials based upon the evaluation.

Conclusion

Claims 17-27, 29, 32, 33, 35, and 38-44 have been rejected.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).

A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MATTHEW T. HENNING whose telephone number is (571)272-3790. The examiner can normally be reached on M-F 8-4.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Ashok Patel can be reached on (571)272-3972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/Matthew T Henning/ 

Primary Examiner, Art Unit 2491



